尝试修复路径遍历

a09b3090 · 黎配弘 · 0442250b · a09b3090 · a09b3090 · a09b3090
Commit a09b3090 authored Oct 19, 2020 by 黎配弘
3 changed files
--- a/common/src/main/java/com/winsun/utils/FileUtil.java
+++ b/common/src/main/java/com/winsun/utils/FileUtil.java
@@ -17,7 +17,7 @@ import java.io.OutputStream;
 public class FileUtil {
    //写到相应路径
-    public  static boolean makefile(String path, MultipartFile file,String filename){
+    /*public  static boolean makefile(String path, MultipartFile file,String filename){
        File dir = new File(path);
        if (!dir.exists()) {
@@ -40,9 +40,9 @@ public class FileUtil {
            }
        }
        return true;
-    }
+    }*/
-    public  static boolean makefile1(String path, MultipartFile file,String filename){
+    /*public  static boolean makefile1(String path, MultipartFile file,String filename){
        File dir = new File(path);
        if (!dir.exists()) {
            dir.mkdirs();
@@ -62,5 +62,5 @@ public class FileUtil {
            }
        }
        return true;
-    }
+    }*/
 }
--- a/service-manager/src/main/java/com/winsun/controller/PackageController.java
+++ b/service-manager/src/main/java/com/winsun/controller/PackageController.java
--- a/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
+++ b/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
@@ -29,6 +29,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -244,17 +247,37 @@ public class SchoolManagementController extends BaseController {
    @Permission(menuname = "上传二维码", value = "qrcodeUpload", method = RequestMethod.POST)
    public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id",required = false) String id) {
-        String  backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH;
+        String  backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH;
-        boolean makefile = FileUtil.makefile(backgroundpath, file,id+FILENAME);
+        File dir = new File(backgroundpath);
-        Wrapper<School> wrapper = new EntityWrapper<>();
+        if (!dir.exists()) {
-        wrapper.eq("id",id);
+            dir.mkdirs();
-        Map<String, Object> map = new HashMap<>();
+        }
-        map.put("service_qrcode",backgroundpath+id+FILENAME);
+        File savePath = new File(backgroundpath, id + FILENAME);
-        Integer integer = schoolMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(map), wrapper);
+        OutputStream os = null;
-        if (integer!=1){
+        try {
-            return ResponseData.error("上传失败！");
+            os = new FileOutputStream(savePath);
+            os.write(file.getBytes());
+            os.flush();
+            Wrapper<School> wrapper = new EntityWrapper<>();
+            wrapper.eq("id",id);
+            Map<String, Object> map = new HashMap<>();
+            map.put("service_qrcode",backgroundpath+id+FILENAME);
+            Integer integer = schoolMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(map), wrapper);
+            if (integer!=1){
+                return ResponseData.error("上传失败！");
+            }
+            return ResponseData.success("上传成功" );
+        } catch (Exception e) {
+            log.error("上传文件失败：" + e.getMessage(), e);
+            return ResponseData.error("上传失败" + e.getMessage());
+        } finally {
+            if (os != null) {
+                try{
+                    os.close();
+                }catch(Exception e) {}
+            }
        }
-        return ResponseData.success("上传成功" );
    }